Redhat: 'bind' DoS vulnerability Print E-mail
Posted by LinuxSecurity.com Team
A remote DoS (denial of service) attack is possible with bind versions prior to 8.2.2_P7.

---------------------------------------------------------------------
                   Red Hat, Inc. Security Advisory

Synopsis:          Updated bind packages fixing DoS attack available
Advisory ID:       RHSA-2000:107-01
Issue date:        2000-11-11
Updated on:        2000-11-11
Product:           Red Hat Linux
Keywords:          bind DoS denial of service attack exploit security
Cross references:  N/A
---------------------------------------------------------------------

1. Topic:

A remote DoS (denial of service) attack is possible with bind versions
prior to 8.2.2_P7.

2. Relevant releases/architectures:

Red Hat Linux 5.2 - i386, alpha, sparc
Red Hat Linux 6.0 - i386, alpha, sparc
Red Hat Linux 6.1 - i386, alpha, sparc
Red Hat Linux 6.2 - i386, alpha, sparc
Red Hat Linux 6.2EE - i386, alpha, sparc
Red Hat Linux 7.0 - i386, alpha, sparc
Red Hat Linux 7.0J - i386, alpha, sparc

3. Problem description:

A bug in bind 8.2.2_P5 allows for a denial of service attack.
If named is open to zone transfers and recursive resolving, it will crash
after a ZXFR for the authoritative zone and a query of a remote hostname.

4. Solution:

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.


Disabling zone transfers to non-trusted hosts by adding
allow-transfer { trusted-hosts; };
to /etc/named.conf prevents the exploit from working on older releases,
however, this does not fix the problem.
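An added shell example, not part of the advisory, with two defender-side checks for a host this advisory covers: whether a named.conf restricts zone transfers as the workaround above suggests, and whether an installed bind package version is older than the fixed 8.2.2_P7. The two named.conf samples, the trusted-hosts ACL members, the recursion ACL and the zone name are constructed assumptions.

```sh
#!/bin/sh
# Added example, not from the advisory. Two checks a defender can run against
# a host covered by RHSA-2000:107: is zone transfer restricted in named.conf
# (the workaround in section 4), and is the installed bind older than 8.2.2_P7?

# Constructed named.conf samples. The 'trusted-hosts' members, the recursion
# ACL and the zone name are assumptions, not values from the advisory.
OPEN_CONF='options { directory "/var/named"; };
zone "example.com" { type master; file "example.com.zone"; };'

HARDENED_CONF='acl trusted-hosts { 192.0.2.10; 192.0.2.11; };
options {
    directory "/var/named";
    allow-transfer { trusted-hosts; };   # only secondaries may pull the zone
    allow-recursion { 192.0.2.0/24; };   # no recursion for outside resolvers
};
zone "example.com" { type master; file "example.com.zone"; };'

# Succeeds when the named.conf text on stdin carries an allow-transfer
# clause that is not simply "any".
transfers_restricted() {
    conf=$(cat)
    printf '%s\n' "$conf" | grep -q 'allow-transfer[[:space:]]*{' || return 1
    ! printf '%s\n' "$conf" | grep -q 'allow-transfer[[:space:]]*{[[:space:]]*any[[:space:]]*;'
}

# Succeeds when a package version such as "bind-8.2.2_P5-9" (rpm -q bind output)
# is older than the fixed 8.2.2_P7: dotted version first, then the _P level.
bind_vulnerable() {
    v=${1#bind-}; v=${v%%-*}                      # "8.2.2_P5"
    base=${v%%_P*}                                # "8.2.2"
    case "$v" in *_P*) p=${v##*_P} ;; *) p=0 ;; esac
    old_ifs=$IFS; IFS=.; set -- $base; IFS=$old_ifs
    maj=${1:-0}; min=${2:-0}; pat=${3:-0}
    [ "$maj" -lt 8 ] && return 0
    [ "$maj" -gt 8 ] && return 1
    [ "$min" -lt 2 ] && return 0
    [ "$min" -gt 2 ] && return 1
    [ "$pat" -lt 2 ] && return 0
    [ "$pat" -gt 2 ] && return 1
    [ "$p" -lt 7 ]
}
```

On a live host, feed `rpm -q bind` to `bind_vulnerable` and `/etc/named.conf` to `transfers_restricted`; a restricted transfer ACL only blocks the trigger, so the package update is still required.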

5. Bug IDs fixed  (http://bugzilla.redhat.com/bugzilla for more info):

20546 - bind 8.2.2-P5 remote DoS


6. RPMs required:

Red Hat Linux 5.2:

alpha:
ftp://updates.redhat.com/5.2/alpha/bind-8.2.2_P7-0.5.2.alpha.rpm

sparc:
ftp://updates.redhat.com/5.2/sparc/bind-8.2.2_P7-0.5.2.sparc.rpm

i386:
ftp://updates.redhat.com/5.2/i386/bind-8.2.2_P7-0.5.2.i386.rpm

sources:
ftp://updates.redhat.com/5.2/SRPMS/bind-8.2.2_P7-0.5.2.src.rpm

Red Hat Linux 6.0:

sparc:
ftp://updates.redhat.com/6.0/sparc/bind-8.2.2_P7-0.6.2.sparc.rpm

i386:
ftp://updates.redhat.com/6.0/i386/bind-8.2.2_P7-0.6.2.i386.rpm

alpha:
ftp://updates.redhat.com/6.0/alpha/bind-8.2.2_P7-0.6.2.alpha.rpm

sources:
ftp://updates.redhat.com/6.0/SRPMS/bind-8.2.2_P7-0.6.2.src.rpm

Red Hat Linux 6.1:

sparc:
ftp://updates.redhat.com/6.1/sparc/bind-8.2.2_P7-0.6.2.sparc.rpm

i386:
ftp://updates.redhat.com/6.1/i386/bind-8.2.2_P7-0.6.2.i386.rpm

alpha:
ftp://updates.redhat.com/6.1/alpha/bind-8.2.2_P7-0.6.2.alpha.rpm

sources:
ftp://updates.redhat.com/6.1/SRPMS/bind-8.2.2_P7-0.6.2.src.rpm

Red Hat Linux 6.2:

alpha:
ftp://updates.redhat.com/6.2/alpha/bind-8.2.2_P7-0.6.2.alpha.rpm

sparc:
ftp://updates.redhat.com/6.2/sparc/bind-8.2.2_P7-0.6.2.sparc.rpm

i386:
ftp://updates.redhat.com/6.2/i386/bind-8.2.2_P7-0.6.2.i386.rpm

sources:
ftp://updates.redhat.com/6.2/SRPMS/bind-8.2.2_P7-0.6.2.src.rpm

Red Hat Linux 7.0:

alpha:
ftp://updates.redhat.com/7.0/alpha/bind-8.2.2_P7-1.alpha.rpm

sparc:
ftp://updates.redhat.com/7.0/sparc/bind-8.2.2_P7-1.sparc.rpm

i386:
ftp://updates.redhat.com/7.0/i386/bind-8.2.2_P7-1.i386.rpm

sources:
ftp://updates.redhat.com/7.0/SRPMS/bind-8.2.2_P7-1.src.rpm

7. Verification:

These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
     http://www.redhat.com/corp/contact.html

You can verify each package with the following command:
    rpm --checksig [filename]

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg [filename]

8. References:
 
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=20546


Copyright(c) 2000 Red Hat, Inc.
